Private hidden groups & friends activity stream

Just noticed a privacy concern (likely known about but I had not observed it before)

Logged in as my normal user not admin I was going through my account after accepting a friend request and happened to view my Activity > Friends screen what I saw was discussions that have taken place in a group I designated as Private Hidden for would you believe Hidden discussions It has a handful of select members one of whom I happened to be friends with in my general user guise due to that friendship I am being shown all the discussions – albeit snippets – that he has had in that group.

This clearly is really not great as I believed private hidden would be just that and am now rather concerned.

Does anyone have a quick and dirtty? solution to filtering out any mention of hidden groups from ANY activity stream? At worst I would rather hidden groups simply never showed up at all in the activity stream anywhere.

It isn’t a bug as much as it’s just not implemented yet. There isn’t any real privacy controls with buddypress which is it’s huge downfall. Still a great product in it’s infancy so not need to be too upset. But a game-plan as to how it’s addressed moving forward would be nice. I think it should be priority number 1 for 1.3. Anyone else?

@ajohnson possibly it’s not a bug , in fact I would say it’s not a bug but rather a design flaw or oversight, however I’m afraid that saying it’s just not implemented yet is not right. Private Hidden groups are described as just that, hidden and private therefore one expects that content posted in one would NOT show up publicly and it doesn’t mostly just in this one instance or at least that I have stumbled upon, and it DOES need addressing and pretty quickly otherwise it’s probably ought to be pointed out to people not to consider setting groups private and hidden until such time as they really are.

I have added a ticket #2293 to Trac on this but might well not have added it to incorrect milestone, would Andy or someone else kindly check and move if necessary.

This issue has become a little more serious as I have now discovered that it’s not just a matter that the updates/posts can be viewed but that it’s possible – as a non group member – to add a reply and that reply shows in both the activity stream view and IS posted to the hidden group.